Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9e2b93b0 by Salvatore Bonaccorso at 2022-03-24T22:13:12+01:00
Add two new trafficserver issues (CVE-2021-44759, CVE-2021-44040)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21691,7 +21691,10 @@ CVE-2021-23170
CVE-2021-23148
RESERVED
CVE-2021-44759 (Improper Authentication vulnerability in TLS origin validation
of Apac ...)
- TODO: check
+ - trafficserver 9.1.0+ds-1
+ NOTE: https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6
+ NOTE: Mark first 9.x version as fixed version, as the issue only
affects versions
+ NOTE: 8.x up to 8.1.3.
CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO
extensio ...)
NOT-FOR-US: McAfee
CVE-2021-4087
@@ -23925,7 +23928,8 @@ CVE-2021-3983 (kimai2 is vulnerable to Improper
Neutralization of Input During W
CVE-2022-21742
RESERVED
CVE-2021-44040 (Improper Input Validation vulnerability in request line
parsing of Apa ...)
- TODO: check
+ - trafficserver <unfixed>
+ NOTE: https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6
CVE-2021-44039
RESERVED
CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe
chown/chmod op ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e2b93b06968be9152ddd9e735a0cc00298b6387
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e2b93b06968be9152ddd9e735a0cc00298b6387
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
